Thread: Xtrap goind down?

Originally Posted by mottapesbr

yes or maybe change the nop for jump.

Dwar said that are 3/4 calls to nop/jmp, I made this one, but can't find the others, if that nop'ed call made xtrap don't initialize, I think that now I must find a way to jump over it right?

And the jump that you say can be the JE changed to JNZ right above it? instead of NOP??


[EDIT]

Now I think I've found the second call, now the game opens without xtrap, but closes after 2 sec aprox. with no error window.

I think that now I'm closer, so I can't understand why game closes right before I open it, any Idea?

What I did:

>NOPed a call right above the "Xtrap Init error" message

PHP Code:

0041DCAE  |. 51             PUSH ECX 
0041DCAF     90             NOP 
0041DCB0     90             NOP 
0041DCB1     90             NOP 
0041DCB2     90             NOP 
0041DCB3     90             NOP 
0041DCB4  |. 83C4 08        ADD ESP,8 
0041DCB7  |. E8 34481C00    CALL AIKABRUN.005E24F0 
0041DCBC  |. 85C0           TEST EAX,EAX 
0041DCBE  |. 74 21          JE SHORT AIKABRUN.0041DCE1 
0041DCC0  |. 6A 00          PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL 
0041DCC2  |. 68 A4A96000    PUSH AIKABRUN.0060A9A4                   ; |Title = "Error" 
0041DCC7  |. 68 B8E66000    PUSH AIKABRUN.0060E6B8                   ; |Text = "Cannot Init Xtrap" 
0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner = NULL 
0041DCCE  |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; MessageBoxA 


>Changed JE to JNZ to jump the Xtrap error message

PHP Code:

0041DCBC  |. 85C0           TEST EAX,EAX
0041DCBE  |. 75 21          JE SHORT AIKABR.0041DCE1
0041DCC0  |. 6A 00          PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL
0041DCC2  |. 68 A4A96000    PUSH AIKABR.0060A9A4                     ; |Title = "Error"
0041DCC7  |. 68 B8E66000    PUSH AIKABR.0060E6B8                     ; |Text = "Cannot Init Xtrap"
0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner = NULL
0041DCCE  |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 


TO

PHP Code:

0041DCBC  |. 85C0           TEST EAX,EAX
0041DCBE  |. 75 21          JNZ SHORT AIKABR.0041DCE1
0041DCC0  |. 6A 00          PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL
0041DCC2  |. 68 A4A96000    PUSH AIKABR.0060A9A4                     ; |Title = "Error"
0041DCC7  |. 68 B8E66000    PUSH AIKABR.0060E6B8                     ; |Text = "Cannot Init Xtrap"
0041DCCC  |. 6A 00          PUSH 0                                   ; |hOwner = NULL
0041DCCE  |. FF15 10124202  CALL DWORD PTR DS:[<&user32.MessageBoxA>>; \MessageBoxA 


>NOPed the kernel terminateprocess

(Obvious, don't need code)


So what now? I'm trying some lucky NOPs but nothing works....

Game opens without xtrap, but closes imediately, what do I have to do? Someone give a light *-*
(I deleted Xtrap folder and xtrapva3.dll and game runs ^^)



AIKA LOG (IF ITS HELPFUL)


>>> Logging System turn on.
08/08 21:11:18 - Read ItemList..OK
08/08 21:11:18 - Read Skilldata..ok
08/08 21:11:18 - Read PI..OK
08/08 21:11:18 - Init ServerList
08/08 21:11:18 - Init Timer Manager
08/08 21:11:18 - Init Render Device
08/08 21:11:19 - VertexShader HW Accel Enabled
08/08 21:11:19 - Init Network Manager

I think it lacks some nop / jump yet because the automatic closure does not seem to be due to lack of Xtrap's packets, after find this call to terminate process do you have find any away of emulate the xtrap packets. if you make this, will work.

Originally Posted by mottapesbr

I think it lacks some nop / jump yet because the automatic closure does not seem to be due to lack of Xtrap's packets, after find this call to terminate process do you have find any away of emulate the xtrap packets. if you make this, will work.

And how do I can find terminateprocess calls? I'm trying but I can't find nothing that call for terminateprocess here...

Any Idea mottapes?
Dwar? ^^



Before it loads bmp background of "loading screen", it closes, it's very fast, BUT THIS BLACK SCREEN LOADS WITHOUT XTRAP ON TASK BAR..

---------- Post added at 05:40 PM ---------- Previous post was at 03:26 AM ----------

Man it's too haaaaaard =( 2 days searching the last (I think) Line to change to make game not closes after execute :/

Someone please help

---------- Post added 2011-08-10 at 01:27 PM ---------- Previous post was 2011-08-09 at 05:40 PM ----------




AIKA Opens without xtrap and loads, but only when I execute it on Alt+F9 (Execute until user code) line by line...

It pauses on this line:

PHP Code:

0041DD98  |. E8 531D0000    CALL AIKABR.0041FAF0 


And that CALL go to this:

PHP Code:

0041FAF0  /$ 83EC 1C        SUB ESP,1C
0041FAF3  |. 53             PUSH EBX
0041FAF4  |. 56             PUSH ESI
0041FAF5  |. 57             PUSH EDI
0041FAF6  |. 6A 6D          PUSH 6D                                  ; /TableName = 6D
0041FAF8  |. 8BF1           MOV ESI,ECX                              ; |
0041FAFA  |. 6A 00          PUSH 0                                   ; |hInst = NULL
0041FAFC  |. FF15 98124202  CALL DWORD PTR DS:[<&user32.LoadAccelera>; \LoadAcceleratorsA
0041FB02  |. 8B1D 9C124202  MOV EBX,DWORD PTR DS:[<&user32.PeekMessa>;  user32.PeekMessageA
0041FB08  |. 6A 00          PUSH 0                                   ; /RemoveMsg = PM_NOREMOVE
0041FB0A  |. 8BF8           MOV EDI,EAX                              ; |
0041FB0C  |. 6A 00          PUSH 0                                   ; |MsgFilterMax = WM_NULL
0041FB0E  |. 6A 00          PUSH 0                                   ; |MsgFilterMin = WM_NULL
0041FB10  |. 8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]            ; |
0041FB14  |. 6A 00          PUSH 0                                   ; |hWnd = NULL
0041FB16  |. 50             PUSH EAX                                 ; |pMsg
0041FB17  |. C74424 24 0000>MOV DWORD PTR SS:[ESP+24],0              ; |
0041FB1F  |. FFD3           CALL EBX                                 ; \PeekMessageA
0041FB21  |. 837C24 10 12   CMP DWORD PTR SS:[ESP+10],12
0041FB26  |. 0F84 90000000  JE AIKABR.0041FBBC
0041FB2C  |. 55             PUSH EBP
0041FB2D  |. 8B2D A0124202  MOV EBP,DWORD PTR DS:[<&user32.GetMessag>;  user32.GetMessageA
0041FB33  |> 8A86 4C0A0000  /MOV AL,BYTE PTR DS:[ESI+A4C]
0041FB39  |. 84C0           |TEST AL,AL
0041FB3B  |. 74 11          |JE SHORT AIKABR.0041FB4E
0041FB3D  |. 6A 01          |PUSH 1
0041FB3F  |. 6A 00          |PUSH 0
0041FB41  |. 6A 00          |PUSH 0
0041FB43  |. 8D4C24 1C      |LEA ECX,DWORD PTR SS:[ESP+1C]
0041FB47  |. 6A 00          |PUSH 0
0041FB49  |. 51             |PUSH ECX
0041FB4A  |. FFD3           |CALL EBX
0041FB4C  |. EB 0D          |JMP SHORT AIKABR.0041FB5B
0041FB4E  |> 6A 00          |PUSH 0
0041FB50  |. 6A 00          |PUSH 0
0041FB52  |. 8D5424 18      |LEA EDX,DWORD PTR SS:[ESP+18]
0041FB56  |. 6A 00          |PUSH 0
0041FB58  |. 52             |PUSH EDX
0041FB59  |. FFD5           |CALL EBP
0041FB5B  |> 85C0           |TEST EAX,EAX
0041FB5D  |. 0F95C0         |SETNE AL
0041FB60  |. 84C0           |TEST AL,AL
0041FB62  |. 74 34          |JE SHORT AIKABR.0041FB98
0041FB64  |. 85FF           |TEST EDI,EDI
0041FB66  |. 74 18          |JE SHORT AIKABR.0041FB80
0041FB68  |. 8B46 20        |MOV EAX,DWORD PTR DS:[ESI+20]
0041FB6B  |. 85C0           |TEST EAX,EAX
0041FB6D  |. 74 11          |JE SHORT AIKABR.0041FB80
0041FB6F  |. 8D4C24 10      |LEA ECX,DWORD PTR SS:[ESP+10]
0041FB73  |. 51             |PUSH ECX                                ; /pMsg
0041FB74  |. 57             |PUSH EDI                                ; |hAccel
0041FB75  |. 50             |PUSH EAX                                ; |hWnd
0041FB76  |. FF15 A4124202  |CALL DWORD PTR DS:[<&user32.TranslateAc>; \TranslateAcceleratorA
0041FB7C  |. 85C0           |TEST EAX,EAX
0041FB7E  |. 75 30          |JNZ SHORT AIKABR.0041FBB0
0041FB80  |> 8D5424 10      |LEA EDX,DWORD PTR SS:[ESP+10]
0041FB84  |. 52             |PUSH EDX                                ; /pMsg
0041FB85  |. FF15 A8124202  |CALL DWORD PTR DS:[<&user32.TranslateMe>; \TranslateMessage
0041FB8B  |. 8D4424 10      |LEA EAX,DWORD PTR SS:[ESP+10]
0041FB8F  |. 50             |PUSH EAX                                ; /pMsg
0041FB90  |. FF15 AC124202  |CALL DWORD PTR DS:[<&user32.DispatchMes>; \DispatchMessageA
0041FB96  |. EB 18          |JMP SHORT AIKABR.0041FBB0
0041FB98  |> 8A86 4C0A0000  |MOV AL,BYTE PTR DS:[ESI+A4C]
0041FB9E  |. 84C0           |TEST AL,AL
0041FBA0  |. 74 0E          |JE SHORT AIKABR.0041FBB0
0041FBA2  |. 8BCE           |MOV ECX,ESI
0041FBA4  |. E8 47130000    |CALL AIKABR.00420EF0
0041FBA9  |. 8BCE           |MOV ECX,ESI
0041FBAB  |. E8 60190000    |CALL AIKABR.00421510
0041FBB0  |> 837C24 14 12   |CMP DWORD PTR SS:[ESP+14],12
0041FBB5  |.^0F85 78FFFFFF  \JNZ AIKABR.0041FB33
0041FBBB  |. 5D             POP EBP
0041FBBC  |> 85FF           TEST EDI,EDI
0041FBBE  |. 74 07          JE SHORT AIKABR.0041FBC7
0041FBC0  |. 57             PUSH EDI                                 ; /hAccel
0041FBC1  |. FF15 B0124202  CALL DWORD PTR DS:[<&user32.DestroyAccel>; \DestroyAcceleratorTable
0041FBC7  |> 8D8E 6C0A0000  LEA ECX,DWORD PTR DS:[ESI+A6C]
0041FBCD  |. FF15 00154202  CALL DWORD PTR DS:[<&aikasensnet.?termin>;  aikasens.?terminate@AikaSensNetChecker@@QAEJXZ
0041FBD3  |. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
0041FBD7  |. 5F             POP EDI
0041FBD8  |. 5E             POP ESI
0041FBD9  |. 5B             POP EBX
0041FBDA  |. 83C4 1C        ADD ESP,1C
0041FBDD  \. C3             RETN 


And on description it says "WINTRUST.dll" when debug its on line 0041DD98 , after some time it opens the aika login screen, without xtrap, but if i try to execute it without debug, it stays on the error of open and close... What can be it?

---------- Post added at 02:00 PM ---------- Previous post was at 01:27 PM ----------




SpeedHack on

But the problem continues, I can only run pefectly AIKA if I run on debugger line by line (alt+f9), Why?

---------- Post added at 02:16 PM ---------- Previous post was at 02:00 PM ----------

08/10 11:10:34 - Init Network Manager

When I run by f9 or by executing the client stops on the line of "Init Network manager" on dbg....


I think thats left one NOP/JNZ

Speedhack crashes 95% of times when activating it, packet monitors crash game too, remembering I'm running it on ollydbg by alt+f9...

What's left to it run by itself?